A Simple 3 Step Guide to Cross-Account Access in AWS

Consider a scenario: you have 2 AWS accounts: dev & prod. You need an IAM user in dev to be able to access resources in prod. This article explains a simple 3-step approach to accomplishing this.

Step 1: Create an IAM Role in Prod

Login to prod as a privileged user & create an IAM role with the permissions that the dev user should have when they assume this role:

Step 2: Allow Dev User to Assume the Prod Role

Next, log out of prod, login to dev as a privileged user & apply an inline policy to the IAM user that should be able to access prod resources:

Provide the ARN of the prod role in the resources section of the policy.

Step 3: Switch Role from Dev to Prod

Next, log out & login to dev as the IAM user & switch role to start accessing prod resources:


Harish KM is a Cloud Evangelist & a Full Stack Engineer at QloudX. 

He is very passionate about cloud-native solutions & using the best tools for his projects. With 10+ cloud & IT certifications, he is an expert in a multitude of application languages & is up-to-date with all new offerings & services from cloud providers, especially AWS.

Leave a Reply

Your email address will not be published. Required fields are marked *